onHacks

Simple Mail Transport Protocol (SMTP) is the basic protocol for message delivery in the network. As you know, it is the simplest protocol, you can imagine it is so simple that without considering much on security. However, I am not going to discuss the bugs in the specification, but I do want to cover some non-security related stuffs which is related to Extended SMTP (ESMTP). After RFC of SMTP was published, people noticed that SMTP is not enough to fulfil their requirements for mail delivery. They started designing extensions for SMTP, most commonly use extensions are: Delivery Status Notification (DSN), Transport Layer Security (STARTTLS), Authenticated SMTP (SMTP-AUTH) and SIZE.

These few days, I am looking around to disable some extensions in IIS virtual SMTP server. In more accurate, it is an ESMTP server. If you have tried setting up an IIS virtual SMTP server by yourself, you should know that there is no GUI for you to disable these extensions. However, if you search on the Internet, there are at least two ways to enable/ disable these extensions. One of them is to use Windows Script (WScript) to take the SMTP server as an object and, by assigning the value to different properties to configure the extensions. On the other hand, you can use Mdutil.exe to edit the metabase key that let the SMTP advertise the extensions. In this entry, I am going to cover the detail of how to use Mdutil.exe to modify the key.

Mdutil.exe is a metabase key editor. By default, mdutil.exe is not installed in the Windows. You can search it in the install CD. In Windows 2000 CD, the name of it is Mdutil.ex_, you can move it to your computer and rename it. After that, you should first determine how many SMTP Virtual Server instances are configured. You can do this by using the following command:

Mdutil.exe enum -path:smtpsvc

You are suppose to see something similar to the following:

• [/smtpsvc/1]
• [/smtpsvc/2]
• [/smtpsvc/3]

Each entry represents an virtual SMTP server instance. You must look in the Microsoft Management Console (MMC) to find the virtual SMTP server instance that you want to modify. The virtual SMTP server instances are listed from top to bottom.
asdf
You can use the following command to obtain the original property value, while <n> is the number of the SMTP server instance that you want to modify.

Mdutil.exe get -path:smtpsvc/<n> -prop:36998

If you receive the error message: “Error: GetData – HRES(0×800cc801) MD_ERROR_DATA_NOT_FOUND”, the metabase property 36998 is not stored in the properties of this SMTP server instance.Otherwise, you will have the response of the value like this:

36998 : [IS] (DWORD) 0×7574c1={7697601}

Then we should take a look which extensions we can configure.

Then the rule is very simple: If you want to disable an advertisement, just subtract its corresponding value from the original property value; If you want to enable an advertisement, add its value to the original property value. For example, the original value is 0×7574c1 and I want to disable DSN (by default DSN is enabled, the original property value is the sum of some of the advertisements), you can set the property value to 0×7574c1 – 0×40 = 0×757481. To assign the new value to it, you can perform the following command.

Mdutil.exe set -path:smtpsvc/ -prop:36998 -utype:UT_SERVER -dtype:DWORD -attrib:INHERIT -value:0×757481

By replacing the -value attribute, you can set the property at 36998 to different value. Then you can connect to your SMTP server and see the new list of extensions by typing EHLO.

It is just a very breif introduction to Mdutil.exe, I think it has a great power to modify other metabase key of applications in Windows.

Hope you enjoy!

Reference:

• How to turn off 8BITMIME in Windows 2000 and in Windows Server 2003 SMTP service
• Microsoft Exchange Server 2003 Advanced Administration

Email, Windows ESMTP, IIS, Mdutil